mirror of https://github.com/withastro/astro.git synced 2025-03-10 23:01:26 -05:00
astro/.changeset/grumpy-sloths-fail.md
Emanuele Stoppa 4a43c4b743
feat: add new allowedHosts option (#13278)
Co-authored-by: Armand Philippot <git@armand.philippot.eu>
Co-authored-by: Sarah Rainsberger <5098874+sarah11918@users.noreply.github.com>


Co-authored-by: ArmandPhilippot <59021693+ArmandPhilippot@users.noreply.github.com>
Co-authored-by: Eveeifyeve <88671402+Eveeifyeve@users.noreply.github.com>
Co-authored-by: florian-lefebvre <69633530+florian-lefebvre@users.noreply.github.com>
Co-authored-by: sarah11918 <5098874+sarah11918@users.noreply.github.com>
Co-authored-by: Fryuni <11063910+Fryuni@users.noreply.github.com>
2025-02-26 10:33:14 +00:00

astro: minor

Adds a new configuration option server.allowedHosts and CLI option --allowed-hosts.

Now you can specify the hostnames that the dev and preview servers are allowed to respond to. This is useful for allowing additional subdomains, or running the dev server in a web container.

allowedHosts checks the Host header on HTTP requests from browsers and rejects any request whose Host header does not match, to prevent CSRF and XSS attacks.

```shell
astro dev --allowed-hosts=foo.bar.example.com,bar.example.com
astro preview --allowed-hosts=foo.bar.example.com,bar.example.com
```

```js
// astro.config.mjs
import {defineConfig} from "astro/config";

export default defineConfig({
  server: {
    allowedHosts: ['foo.bar.example.com', 'bar.example.com']
  }
})
```

This feature is the same as Vite's server.allowedHosts configuration.
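To make the Host header check concrete, here is an added sketch of an allowlist match; it is not Astro's or Vite's implementation. The helper names, the always-allowed loopback names, the 403 response and the sample headers are assumptions made for illustration.

```javascript
// Added example, not Astro or Vite source. Helper names are hypothetical.
const ALLOWED_HOSTS = ['foo.bar.example.com', 'bar.example.com']; // list from the config above

// Reduce a Host header value to a bare hostname: lowercase it, drop an
// optional numeric port, keep IPv6 brackets, strip one trailing dot.
// Anything else (userinfo, spaces, empty or missing value) yields null.
function hostnameFromHeader(value) {
  if (typeof value !== 'string') return null;
  const m = /^(\[[0-9a-f:.]+\]|[a-z0-9.-]+)(?::\d+)?$/.exec(value.trim().toLowerCase());
  return m ? m[1].replace(/\.$/, '') : null;
}

// Exact, whole-name comparison: a substring or suffix test would accept
// names such as "bar.example.com.evil.example.net".
function isHostAllowed(hostHeader, allowedHosts) {
  const host = hostnameFromHeader(hostHeader);
  if (host === null) return false;
  // Assumption of this sketch: loopback names are always served.
  if (host === 'localhost' || host === '127.0.0.1' || host === '[::1]') return true;
  return allowedHosts.some((allowed) => allowed.toLowerCase() === host);
}

// Decide the response before any route handler runs (403 is an assumption).
function checkRequest(headers, allowedHosts) {
  return isHostAllowed(headers.host, allowedHosts)
    ? { status: 200 }
    : { status: 403, body: 'Blocked request: host is not allowed' };
}

// Constructed sample Host header values.
const SAMPLES = [
  'bar.example.com:4321',             // listed name with a port
  'FOO.bar.example.com.',             // case and trailing dot are normalized
  'example.com',                      // parent domain is not listed
  'bar.example.com.evil.example.net', // listed name used as a prefix
  'bar.example.com@evil.example.net', // malformed value
  'localhost:4321',
];

function runSamples() {
  return SAMPLES.map((h) => [h, checkRequest({ host: h }, ALLOWED_HOSTS).status]);
}

for (const [host, status] of runSamples()) console.log(status, host);
```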